Back to careers

Head of Information Security, Vice President

Location

New York

Job description

Position:  Head of Information Security, Vice President

Reports to:  Chief Technology Officer

Position Summary: 

Reporting to the Chief Technology Officer, this hands-on position is responsible for improving and maintaining the cybersecurity program at Wafra with the responsibility to protect the confidentiality, integrity, and availability of Wafra systems and data. The Head of Information Security is responsible for identifying, tracking, and mitigating risks to the Wafra technology infrastructure and staying in tune with the legal and regulatory environment. Measurement of the cybersecurity program and reporting on status will be key in this role.  This is a hands-on role with someone who not only can manage a cybersecurity program but someone who has built a secure infrastructure in a hands-on role with a preference for someone who has deep experience in the Microsoft Azure and the Office 365 stack.  The Head of Information Security will be expected to identify and implement technical controls within the Wafra infrastructure environment themselves without relying on others.  Imperative to the success of this role is the ability to “change hats” when needed and assist with infrastructure, networking and cloud issues and questions if required.

The Head of Information Security will be responsible for the Wafra Cybersecurity Policy and ensuring it is adequate and up to date. The role will also lead the cybersecurity efforts to validate on-boarding third parties. Experience implementing and monitoring cybersecurity frameworks such as NIST, CIS, ISO, and others is critical.  Because this is a technical role the Head of Information Security will be expected to understand both the business and technical environment but will need deep expertise in cloud and on-premises infrastructure and security environments.

Duties and Responsibilities:

  • Leverage the Microsoft Azure security stack to prevent, detect and respond to threats
  • Drive efforts to improve and implement data classification and data loss prevention (DLP)
  • Provide regular reporting on the status of the information security program
  • Play a key thought leadership and operational role in driving the security program
  • Update the incident response plan and corresponding playbooks. Lead incident response tabletops
  • Using your hands-on skills – proactively threat hunt using a variety of tools looking for indicators of compromise
  • Work with the SOC on alerting, triaging, and responding to potential incidents
  • Manage the cybersecurity awareness program and constantly work on new ways of improving employee awareness based on current threats
  • Perform risk assessments on all new IT changes and projects
  • Develop and maintain a framework of continuously up-to-date information security policies, standards, and guidelines
  • Lead cybersecurity projects focused on mitigating probable and impactful risks
  • Develop and enhance an up-to-date information security management framework
  • Using threat intelligence services tweak the cybersecurity program based on current threats and risks
  • Lead periodic permission reviews on all applications and data sources
  • Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the security program
  • Coordinate with the Technology Steering Committee to ensure security and business requirements are aligned
  • Work with the compliance team to ensure that all information owned, collected, or controlled by or on behalf of the company is processed and stored in accordance with applicable laws and other global regulatory requirements
  • Manage and secure all applications, endpoints, network, and cloud environments
  • Lead penetration testing and red teaming efforts
  • Manage and measure the vulnerability and update management program
  • Create and measure a robust insider threat program
  • Manage security and cloud vendors
  • Oversee technology dependencies outside of direct organizational control
  • Align cybersecurity and disaster recovery objectives

Requirements:

  • Hands-on experience in cloud infrastructure with Microsoft Azure preferred
  • Proven capability to work alone in implementing security changes
  • Strong knowledge of information security best practices, standards, and frameworks, such as CIS, NIST, ISO and others
  • Proven track record and experience in developing information security policies
  • Private Equity and/or hedge fund experience strongly preferred
  • Hybrid infrastructure experience required

Competencies:

  • Ability to work well in changing teams
  • Work well in a flat organizational structure
  • Ability to change roles to perform duties outside of comfort zone
  • Someone who admits mistakes and learns from them
  • Complex problem solver
  • Fast-paced thinker and mover
  • Project Management, work prioritization and administration
  • Strong written and verbal communication and presentation skills
  • Exceptional soft and interpersonal skills, including teamwork, facilitation, and negotiation
  • Excellent planning and organizational skills
  • Comfortable, experienced, and accomplished at working with business executives

Education and Experience:

  • Bachelor’s degree in computer science or similar
  • 5 years of experience as a cybersecurity engineer and/or Head of Information Security

Certifications and Licenses:

  • Professional security management certification such as CISSP, CCISO, CISM, and/or CISA

Please send your resume to ITRecruiting@wafra.com with the subject “Head of Information Security”.

Wafra Inc. is an equal opportunity employer.

Apply for a job